We care about your privacy
Your trust matters to us – without it, we can’t do business.
Protecting your data
We have a comprehensive security program at TravelPerk designed to keep your personal data safe. You can read more here, but in summary:
- We limit who has access to this data.
- We keep it encrypted at rest and during transit.
- We provide training to all employees on security and data protection.
- We maintain a limited list of data sub processors where client personal data can be stored/processed.
Data Subject Rights
Our personal data team is on standby to fulfil any request you may have, in line with GDPR data subject rights.
- We have an appointed Data Protection Officer (DPO)
- We have a wider team of specialists to fulfil requests
- We have internal tooling built into our applications to support any requests.
You can reach us at email@example.com to exercise your rights, which are:
- To request access to your personal data
- To request rectification or erasure of your personal data
- To request the restriction of processing your personal data
- To object to the processing of your personal data
- To request a portable copy of your personal data
You may also withdraw your consent or choose to file a complaint with a supervisory authority.
We perform a careful audit of any potential Data Sub Processor before they can work with TravelPerk. This includes:
- A security audit of their security measures and certifications
- A subsequent risk assessment
- A Data Processing Agreement (DPA) established
- Suitable legal agreement in place
When is your information shared with other third parties?
We share your information only where:
- You ask us to
- To fulfil our contract with you or the customer
- Where there is a legal obligation to do so
- Where there is a legal basis that allows us to
Companies you book travel with via TravelPerk (such as airlines, hotels, trains and car rentals) will collect and process your personal data according to their own privacy policies as independent data controllers.
How do we protect your personal data for international data transfers outside of the EU/EEA?
Where our use of a third party processor or sub-processor involves the transfer of personal data from within the European Economic Area (EEA) to a location outside of it, we:
- Implement appropriate measures and safeguards to maintain the same high standard of protection
- Security audit and risk assessment of data sub-processors
- Legal agreements such as Standard Contractual Clauses (SCC) approved by the European Commission.